Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Efficently ban?!?

Comments in 'Plugin Development' started by JackboyPlay, May 4, 2016.

  1. SOFe
    Offline

    SOFe Banned

    Joined:
    May 28, 2016
    Posts:
    386
    Minecraft User:
    Herobrine
    That's why VPNs exist! It is not designed for complete anonymity, but complete anonymity is possible if you are careful enough!
    applqpak and Jazzwhistle like this.
  2. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    364
    Minecraft User:
    Awzaw
    Problem is, everyone slips up eventually ;-)
    applqpak likes this.
  3. SOFe
    Offline

    SOFe Banned

    Joined:
    May 28, 2016
    Posts:
    386
    Minecraft User:
    Herobrine
    Probably not impossible to trace, but very difficult to trace. Say, you use VPNs over VPNs in different countries. Unless it is related to an alien invasion, I doubt how you can get discovered in that way.
    applqpak likes this.
  4. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    364
    Minecraft User:
    Awzaw
    Agreed. There are, however plenty of ways to identify two users as being one and the same which is what we are really talking about here rather than any kind of absolute identification. Language patterns, special skills, spelling mistakes (or lack thereof), personal interests, punctuation etc. can all give server owners clues as to someone's identity, and by that I mean previous accounts rather than their true identity.

    Back on topic: the OP's skin suggestion is actually quite an interesting idea, if it's possible, that would probably thwart a percentage of the spammers and bullies I have to deal with, until they realize that their skin can identify them, of course. An important part of many protective systems (especially software anti-piracy measures, for instance) is to keep people guessing as to what the protection actually consists of.
    Last edited: Jun 9, 2016
    applqpak likes this.
  5. SOFe
    Offline

    SOFe Banned

    Joined:
    May 28, 2016
    Posts:
    386
    Minecraft User:
    Herobrine
    Agreed skin is good, but it is actually even easier to change than client ID, although many people actually use the same skin online/from skin pack.
    As for identifying the same person, you first need to have a human who can recognize these things. Since you have a human anyway, it is just much easier to ban the player every time he misbehaves. You are banning the player to stop him from misbehaving. It doesn't really matter whether it is actually the same person.

    As for "keep people guessing what protection actually consists of", you must first realize that you can't make it a public plugin then ;)
    applqpak likes this.
  6. applqpak
    Offline

    applqpak Active Member Plugin Developer

    Joined:
    Dec 16, 2015
    Posts:
    284
    Plugins:
    1
    Minecraft User:
    applqpak
    That's really hard tbh. Most people nowadays lack proper grammar, punctuation, etc..

    Plus, anyone with a brain would already think of this :}
    minebuilder0110 likes this.
  7. minebuilder0110
    Offline

    minebuilder0110 Notable Member

    Joined:
    Dec 8, 2014
    Posts:
    485
    Minecraft User:
    Apparitional
    Another problem about banning players by skin is, what if someone with Steve/Alex skin gets banned? I personally use them to hide my identity. Skin would be better if used for 2FA.
    As for spelling, punctuation and grammar, I agree with @applqpak. Some of them seems to occur on more than one person, such as capitalizing first letter of every word, or putting space on both sides of comma. But if you are lucky, he could be the only one with such habit.
    applqpak likes this.
  8. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    364
    Minecraft User:
    Awzaw
    I was talking about ways to recognize people online in a broader context than MCPE servers. For forums such as this for example, account bans and ip bans are a good enough solution since offensive content can be removed before many people see it, and staff are good at identifying repeat offenders before they can do much damage.

    The problem with MCPE servers is of course that anyone can just keep coming back in swearing and insulting players until they get banned again (if by chance there's staff online). Over and over and over again. Even more annoying are the players who spend weeks and even months gaining the trust of staff to get a rank with some permissions, and then go on a spree of destruction which can wipe out days of work by other builders, and mean hours of work for me and the staff. Maybe MojangAuth is going to help fix this situation, but until we see how it is going to work I'm not sure it's even going to be possible for me to switch to that and still be sure everyone is who they say they are.

    True, but mostly we are not dealing with people who even know about plugins. Some of my staff have been with me for nearly 2 years and run their own servers either at home or LEET, but they only just realized this week that it is possible to use a plugin to steal passwords to hack other staff accounts on my servers... so I reckon a ban plugin that includes recognizing the skin will be useful - most of the repeat offenders are too proud to use Steve/Alex anyway, and even keep using "Anon" in every username for example, because they actually DO want to be recognized and respected for their "talent" at getting around all the possible bans!
    applqpak likes this.
  9. SOFe
    Offline

    SOFe Banned

    Joined:
    May 28, 2016
    Posts:
    386
    Minecraft User:
    Herobrine
    The simplest way is to write code to prevent all kinds of destruction. Never forget the very ultimate problem we are facing. We don't want to ban people. We just don't want to things that make us want to ban people.
    applqpak likes this.
  10. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    364
    Minecraft User:
    Awzaw
    I do hear what you are saying, but unfortunately the only way to do that is to prevent Guests from talking at all, and never giving anybody any permissions!
    applqpak likes this.
  11. SOFe
    Offline

    SOFe Banned

    Joined:
    May 28, 2016
    Posts:
    386
    Minecraft User:
    Herobrine
    • Backups
    • More frequent (like, hourly) checking from really trustworthy people
    • Mod detectors
    • Powerful swearing checking, or even to be double-checked by staff through notification
    applqpak likes this.
  12. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    364
    Minecraft User:
    Awzaw
    That's pretty much where I'm at already. Now testing my new top secret and forever private MegaBan plugin that doesn't use any of the ideas on this thread.
    applqpak likes this.
  13. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    364
    Minecraft User:
    Awzaw
    I've added automatic hack detection and protection to SimpleAuth; if anyone wants to try it, please check my github for source code and instructions.

    Players get a PIN code when they first login, and they need that pin code (or a console reset) before they can login again if more than one change is detected to IP, CID and SKIN since their most recent login.

    The goal is to prevent malicious server owners stealing accounts. 99% of the time players will not notice the hack protection, but anyone who steals a password will be unable to join.

    This is fully tested on an updated MySQL SimpleAuth database, and with the yaml provider. SQLITE is still untested.

    I probably won't ever be able to release this officially :-/
    Last edited: Jun 19, 2016
    applqpak likes this.
  14. applqpak
    Offline

    applqpak Active Member Plugin Developer

    Joined:
    Dec 16, 2015
    Posts:
    284
    Plugins:
    1
    Minecraft User:
    applqpak
    I don't know what you mean exactly by "plugin to steal passwords to hack other staff accounts"... I have not heard of a plugin like this, and even if it did existed why would you be using it?

    I think you're talking about a mod... and that's called "brute forcing", or "dictionary attacking". Google "service hack mcpe", you'll get more of an idea ;)
  15. applqpak
    Offline

    applqpak Active Member Plugin Developer

    Joined:
    Dec 16, 2015
    Posts:
    284
    Plugins:
    1
    Minecraft User:
    applqpak
    What about people with a Dynamic IP? I have a Dynamic IP... This would just be a big hassle for me, and all your players.
  16. applqpak
    Offline

    applqpak Active Member Plugin Developer

    Joined:
    Dec 16, 2015
    Posts:
    284
    Plugins:
    1
    Minecraft User:
    applqpak
    All in all, I see the best method as having a couple of staff(maybe, around 10-15) that are all in different time zones.
  17. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    364
    Minecraft User:
    Awzaw
    You misunderstand. I have lots of great staff already. However many staff play on other servers, and some reuse their passwords from my servers... which then get stolen by unscrupulous owners.

    My version of SimpleAuth monitors changes to IP, CID and skins. A dynamic IP wouldn't need you to enter the PIN code each time it changes, unless you also changed skin or CID at the same time.
    applqpak and luke7153 like this.
  18. 17bhata
    Offline

    17bhata New Member

    Joined:
    Mar 30, 2016
    Posts:
    33
    Minecraft User:
    Deathstroke
    The problem here is a very old one... the balance between freedom and safety. Too much freedom, and no one can be safe. Too much safety, and no one can have freedom. The balance here is the key, but it depends on the server owner. If you impose too much security like what I have seen here, players feel like the server is some sort of authoritative regime, a definite turnoff.
    applqpak likes this.
  19. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    364
    Minecraft User:
    Awzaw
    Several of my servers were attacked this week by an unhappy former member of staff who stored up passwords of other staff (by inviting them to his server). I have regular backups so that wasn't really a problem, but many players lose hours work when you restore, and when many staff accounts are compromised a restore isn't much help, even if it includes the auth database. Accounts can still be hacked, and I still can't ban 100% reliably, but with this extra protection running/fixing my servers will hopefully take less time, so I'll have more time to code for it instead.

    So far my players are happy to have an additional level of safety for their account, none of them want to be hacked, and the process of adding a PIN code has made them more aware of the importance of not using the same passwords everywhere.
    applqpak likes this.
  20. Hotshot_9930
    Offline

    Hotshot_9930 Notable Member Plugin Developer

    Joined:
    May 26, 2014
    Posts:
    665
    Plugins:
    2
    Minecraft User:
    HotshotHD
    There is no way to efficiently ban a player. Their is always that one loophole.
    Primus and applqpak like this.

Share This Page

Advertisement